Overview

overview

10

Static

static

1

74d52b94db...a2.exe

windows7-x64

10

74d52b94db...a2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74d52b94dbe44e83459e097ea1a1d22631a78bffa24ccf8ecc5492e9af9091a2.exe

  • Size

    583KB

  • Sample

    240912-h2g37sxdpr

  • MD5

    62eab9f468c6599a5a972c3fd1d5aaa4

  • SHA1

    3c8fcdfcc78ea26feb6a51542456fdc9891719cf

  • SHA256

    74d52b94dbe44e83459e097ea1a1d22631a78bffa24ccf8ecc5492e9af9091a2

  • SHA512

    2f05c63b93e3e2c7ef6e7fa7940aef02980520fc511b79f29aedb1b3aed69d5490d3b4d40bed9b5718794b3fa2e5ced85f5811a2666acf89fafac3439ebdb6c8

  • SSDEEP

    12288:TBIJsQZOIPSaJbib6+LBgIlfQORq6vzuOCCn:yJsQQIPS99gIlfQL+zwCn

Score
10/10
azorultcollectioncredential_accessdiscoveryexecutioninfostealerspywarestealertrojan

Malware Config

Targets

    • Target

      74d52b94dbe44e83459e097ea1a1d22631a78bffa24ccf8ecc5492e9af9091a2.exe

    • Size

      583KB

    • MD5

      62eab9f468c6599a5a972c3fd1d5aaa4

    • SHA1

      3c8fcdfcc78ea26feb6a51542456fdc9891719cf

    • SHA256

      74d52b94dbe44e83459e097ea1a1d22631a78bffa24ccf8ecc5492e9af9091a2

    • SHA512

      2f05c63b93e3e2c7ef6e7fa7940aef02980520fc511b79f29aedb1b3aed69d5490d3b4d40bed9b5718794b3fa2e5ced85f5811a2666acf89fafac3439ebdb6c8

    • SSDEEP

      12288:TBIJsQZOIPSaJbib6+LBgIlfQORq6vzuOCCn:yJsQQIPS99gIlfQL+zwCn

    Score
    10/10
    azorultcollectioncredential_accessdiscoveryexecutioninfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks